Security Architecture
BeaverYard is built on a foundation of isolation, ephemeral compute, and strict data retention.
We understand that your fine-tuning datasets are proprietary and sensitive. Our architecture is designed purely to process data, never to store it longer than necessary, and never to use it for our own foundation model training.
Data Protection
- Encryption at Rest: All datasets and artifacts are stored in S3 buckets encrypted with AWS KMS Customer Managed Keys (AES-256).
- Encryption in Transit: All API and web traffic is secured via TLS 1.3, terminated at the Application Load Balancer (ALB).
- Database Security: Metadata is stored in an encrypted-at-rest RDS PostgreSQL instance within a private subnet.
Network Defense
- WAF Protection: AWS WAFv2 protects public endpoints with rate limiting (2000 req/5min) and managed rules for SQLi/XSS.
- VPC Isolation: Compute resources run in private subnets with no public ingress. Outbound traffic flows via NAT Gateway.
- DDoS Mitigation: CloudFront and AWS Shield Standard provide perimeter defense against volumetric attacks.
Compute Isolation
- Ephemeral Workers: Training jobs run on ECS Fargate tasks that are provisioned on-demand and terminated immediately after completion.
- No Shared Memory: Each training job runs in its own isolated container environment with dedicated vCPU and RAM.
- Strict IAM Roles: Worker tasks have minimal IAM permissions (Least Privilege), scoped only to their specific S3 paths.
Data Lifecycle
- Auto-Deletion: S3 Lifecycle Policies automatically and permanently delete uploaded datasets after 7 days.
- Artifact Retention: Fine-tuned models are retained for 4 days (Launch) or 7 days (Orbit), extendable to 30 days with an add-on, before being strictly purged.
- No Training on Customer Data: We contractually guarantee that your datasets are NOT used to train BeaverYard's own models.
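In S3, a lifecycle rule with only an Expiration action does not by itself remove everything: on a versioned bucket it leaves noncurrent versions behind, and parts of incomplete multipart uploads are untouched. The following is an added example, not BeaverYard's own code; it audits a configuration in the shape returned by GetBucketLifecycleConfiguration against the 7-day upload window, and the `uploads/` prefix and both sample configurations are constructed assumptions.

```python
# Added example: audit an S3 lifecycle configuration (dict in the shape
# returned by GetBucketLifecycleConfiguration) against a retention window.

def _rule_prefix(rule):
    """Key prefix the rule covers, or None if tags/size narrow it further."""
    flt = rule.get("Filter")
    if flt is None:
        return rule.get("Prefix", "")   # legacy top-level Prefix
    if set(flt) - {"Prefix"}:
        return None                     # Tag/And/size filters skip some objects
    return flt.get("Prefix", "")

def audit_retention(config, prefix, max_days, versioned):
    """Return the gaps in the enabled rules that cover `prefix`."""
    rules = []
    for r in config.get("Rules", []):
        covered = _rule_prefix(r)
        if r.get("Status") == "Enabled" and covered is not None \
                and prefix.startswith(covered):
            rules.append(r)

    def has(action, field, limit):
        return any(0 < r.get(action, {}).get(field, 0) <= limit for r in rules)

    findings = []
    if not has("Expiration", "Days", max_days):
        findings.append("no-expiration-within-window")
    # On a versioned bucket Expiration only adds a delete marker; the data
    # lives on as a noncurrent version until this action removes it.
    if versioned and not has("NoncurrentVersionExpiration", "NoncurrentDays", max_days):
        findings.append("noncurrent-versions-kept")
    # Parts of unfinished multipart uploads are not removed by Expiration.
    if not has("AbortIncompleteMultipartUpload", "DaysAfterInitiation", max_days):
        findings.append("incomplete-multipart-kept")
    return findings

# Constructed sample configurations; "uploads/" is a hypothetical prefix.
EXPIRY_ONLY = {"Rules": [{"ID": "expire-uploads", "Status": "Enabled",
                          "Filter": {"Prefix": "uploads/"},
                          "Expiration": {"Days": 7}}]}
COMPLETE = {"Rules": [{"ID": "purge-uploads", "Status": "Enabled",
                       "Filter": {"Prefix": "uploads/"},
                       "Expiration": {"Days": 7},
                       "NoncurrentVersionExpiration": {"NoncurrentDays": 1},
                       "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 1}}]}

if __name__ == "__main__":
    for name, cfg in (("expiry-only", EXPIRY_ONLY), ("complete", COMPLETE)):
        print(name, audit_retention(cfg, "uploads/", 7, versioned=True))
```

On a versioned bucket, a noncurrent version is removed NoncurrentDays after it becomes noncurrent, so the total lifetime of the data is the Expiration days plus that value.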
Common Questions
Do you have SOC2 or ISO 27001 certification?
Not yet. As a Phase 1 platform, we adhere to industry best practices (CIS Benchmarks, AWS Well-Architected) but have not yet undergone formal third-party audits. This is on our roadmap for Phase 2.
Where is my data stored?
All data is processed and stored in the US East (N. Virginia) AWS region (us-east-1). We do not replicate data to other regions.